) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ultimatemember:ultimate_member:1.3.64:*:*:*:*:wordpress:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-10673 |
A CSRF vulnerability in a logged-in user's profile edit form in the Ultimate Member plugin before 2.0.40 for WordPress allows attackers to become admin and subsequently extract sensitive information and execute arbitrary code. This occurs because the attacker can change the e-mail address in the administrator profile, and then the attacker is able to reset the administrator password using the WordPress "password forget" form. Published: April 03, 2019; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
| CVE-2018-17866 |
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. Published: October 09, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-13136 |
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. Published: July 04, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-0585 |
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: May 14, 2018; 9:29:02 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |